From: Christoph Hellwig <hch@lst.de>
To: Milan Broz <gmazyland@gmail.com>
Cc: Damien Le Moal <dlemoal@kernel.org>,
Christoph Hellwig <hch@lst.de>,
linux-scsi@vger.kernel.org, jejb@linux.ibm.com,
martin.petersen@oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] scsi: use ATA-12 pass-thru for OPAL as fallback
Date: Mon, 16 Oct 2023 15:27:30 +0200 [thread overview]
Message-ID: <20231016132730.GA27013@lst.de> (raw)
In-Reply-To: <5831286b-e3d0-4b87-9c5c-dbcb420d1b67@gmail.com>
On Mon, Oct 16, 2023 at 02:46:03PM +0200, Milan Broz wrote:
> The problem is that we (for simplicity) decided to use kernel SED-ioctl interface that
> internally wraps OPAL command to SCSI SECURITY command only. It means, that all devices
No, it doesn't. It uses the properly specified protocol for each
layer. That is NVMe uses NVMe Security Send/Receive, SCSI uses the
SCSI protocol, and libata translats for ATA devices.
> that can use ATA-12 just cannot work with this kernel interface (unlike userspace which
> can decide which wrapper to use).
It supports all devices that actually speak ATA perfectly fine, take
a look at ata_scsi_security_inout_xlat.
>
> And IMO it is not correct - if it was designed only for some servers with directly connected
> devices, then it is really not generic OPAL support. It should work for any hw that supports it.
Let's get off your crack pipe before we continue. It is designed and
implemented to support the security protocols exactly as spec'ed.
You seem to have found devices that claim to be SCSI, but actually
require ATA passthrough for security. That's no secret cabal to lock
out non-server hardware but just proper protocol design.
> For USB, it actually works quite nice with the patch (ignoring usual bugs in firmware).
So move it into usb if you can convince the usb maintainers that they
are fine with it.
>
>>
>> Note that nowhere in your patch do you test if you are talking to an ATA device.
>
> Yes, I know. I expected the command to be rejected if not supported.
Good luck. Cheap storage hardware trips up on unknown commands all the
time.
> IMO it is quite similar to discard/TRIM support...
Where we also don't support weird ATA commands directly from sd
for good reason.
next prev parent reply other threads:[~2023-10-16 13:27 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-16 7:02 [PATCH] scsi: use ATA-12 pass-thru for OPAL as fallback Milan Broz
2023-10-16 7:05 ` Christoph Hellwig
2023-10-16 7:24 ` Milan Broz
2023-10-16 11:54 ` Damien Le Moal
2023-10-16 12:46 ` Milan Broz
2023-10-16 13:01 ` Damien Le Moal
2023-10-16 13:27 ` Christoph Hellwig [this message]
2023-10-16 16:01 ` Milan Broz
2023-10-16 13:20 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231016132730.GA27013@lst.de \
--to=hch@lst.de \
--cc=dlemoal@kernel.org \
--cc=gmazyland@gmail.com \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox